堆栈内存溢出
  简体   繁体   English

无法验证使用es256签名的Keycloak生成的JWT

[英]Unable to verify Keycloak generated JWTs signed with es256

 原文  2019-04-18 08:47:39       c#/ asp.net-core/ jwt/ keycloak

问题描述

I'm trying to use Keycloak as an OpenID provider. 我正在尝试将Keycloak用作OpenID提供程序。 Because of compliance reasons I cannot use RSA and must use ECDSA keys to sign the tokens. 由于合规性原因,我无法使用RSA,必须使用ECDSA密钥对令牌进行签名。 I'm using ES256 to sign the tokens generated by Keycloak. 我正在使用ES256来签署Keycloak生成的令牌。

I've created a simple asp.net core server that requires authentication for all controllers. 我创建了一个简单的asp.net核心服务器,需要对所有控制器进行身份验证。 This is an example of the startup.cs file: 这是startup.cs文件的一个示例: 

public class Startup
{
   public Startup(IConfiguration configuration)
   {
      Configuration = configuration;
   }

   public IConfiguration Configuration { get; }

   // This method gets called by the runtime. Use this method to add services to the container.
   public void ConfigureServices(IServiceCollection services)
   {
      IdentityModelEventSource.ShowPII = true;
      services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);

      services.AddAuthentication(options => {
         options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
         options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
      })
      .AddJwtBearer(options => {
         options.RequireHttpsMetadata = false;
         options.Authority = "[keycloak address]";
         options.Audience = "hello";
      });

      services.AddSingleton<IAuthorizationHandler, DebugAuthorizationHandler>();
   }

   // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
   public void Configure(IApplicationBuilder app, IHostingEnvironment env)
   {
      if (env.IsDevelopment())
      {
         app.UseDeveloperExceptionPage();
      }

      app.UseAuthentication();
      app.UseMvc();
   }
}

I also have a client that performs authentication with Keycloak, receives the access token, and then calls the asp.net core server with the access token. 我还有一个客户端使用Keycloak执行身份验证,接收访问令牌,然后使用访问令牌调用asp.net核心服务器。

The call fails in the server with the following error code: 服务器中的调用失败,并显示以下错误代码: 

info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[1] Failed to validate the token.

Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException: IDX10501: Signature validation failed.

The same code succeeds when using RS256 to sign the tokens. 使用RS256对令牌进行签名时,相同的代码成功。

Has anyone experienced a similar issue? 有没有人遇到过类似的问题?

1 个解决方案

解决方案1
 0  2019-04-18 12:46:29

After digging further into the issue, it looks like Keycloak does not return the JWT signature in a standard way. 在深入研究问题后,看起来Keycloak没有以标准方式返回JWT签名。

They currently have an open issue about it. 他们目前有一个公开的问题。

For more info look here 有关详细信息,请查看此处

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在 C# 中加载私有 ecdsa 密钥 es256? - How to load private ecdsa key es256 in c#? 将 ES256 算法与 jwt-do.net 一起用于 Apple AppStore - Using ES256 algorithm with jwt-dotnet for Apple AppStore 如何使用 JWK 为 ES256 alg 验证 JWT? - How to Validate JWT using JWK for ES256 alg? 在 c# 中使用 ---PUBLIC KEY--- 验证 JWT (ES256) 令牌 - Validate JWT (ES256) Token with ---PUBLIC KEY--- in c# c#JWT将ES256 PEM文件加载到CngKey(jose-jwt) - c# JWT load ES256 PEM file into CngKey (jose-jwt) 无法验证 RS256 签名的 JWT - Unable to validate RS256 signed JWT 如何解密和验证使用SHA256withRSA标准签名的签名? - How do I decrypt and verify a signature signed with SHA256withRSA standard? 无法从VB.Net验证C ++中的签名哈希 - Unable to verify the Signed Hash in C++ from VB.Net 验证使用RSA 2048位密钥,SHA256算法和PKCSv1.5填充生成的签名 - Verify signature generated with RSA 2048-bit key, SHA256 algorithm and PKCSv1.5 padding 如何创建使用RsaSsaPssSha256签名的JWT - How to create JWT signed with RsaSsaPssSha256
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM